Has Aweber Been Compromised? Reports of Spam Going to Aweber Lists

Posted By Darren Rowse 20th of December 2009 ProBlogger Site News

Updated: this post has been updated – twice.

I don’t want to cause alarm on this but today I’ve had emails from 11 subscribers to two of my different email lists that I administrate at Aweber complaining that they’ve been inundated with pharmaceutical spam. In each case the subscribers have set up email addresses especially for my newsletters which they use for no other purposes.

In each case they’re complaining of getting the same types of emails – up to 20 of them in a few hours.

At first I thought perhaps my account had been compromised – but I began to do some investigating and am beginning to see some others talk about the same problem. For example @planetmike tweeted about a similar problem here.

I’m not sure if he’s talking about my newsletters – that’s a possibility.

Further searching in a few webmaster forums turns up similar discussions.

Webmaster World – “Today I got pharma/ED spam to various of those unique addresses. After a little research, I found the common thread: The companies I gave those addresses to use AWeber’s services. (AWeber provides mailing list services to businesses, e.g. sending newsletters to a company’s customers.)”

WarriorForum – “Today I am getting deluged with spam to addresses that are on aWeber lists, including a couple of email addresses that have ONLY been given to aWeber.”

From another user in the WarriorForum – “I’ve been having EXACTLY the same issue.

I have some test e-mail addresses that I ONLY use within AWeber and just today I’ve started receiving lots of spam to them.

These are e-mail addresses across multiple domains including my own and others such as GMail, etc.

These e-mails are only housed within AWeber so I know that the problem is somewhere within their systems.”

AWeber takes our security measures very strongly and employs tested technologies and measures to make sure that our system is not compromised. After receiving your email our team went through an exhaustive list of checks just to make sure that there are no indications that connect this spam message you received to an issue with AWeber. All of our tests have come back secure with no reports of intrusion or compromise.

Also note that after looking at the spam message in question we see that members of our teams have also received this same message to their personal addresses that have never been used in conjunction with AWeber.

We’ll continue to monitor our system. And of course if you have any further questions, please feel free to let me know.

I’m hesitant to make a call that Aweber has been compromised (I know they wouldn’t have played a part in this, they’re reputable and it’d be business suicide for them to be caught at that) – perhaps it’s a problem with some email service provider (although from the emails I’ve received it’s impacting people who subscribe with a variety of email providers) but something does seem to be wrong here.

I’ve got emails into Aweber and will update you with their response.

In the meantime – if you have received this spam and you’re on the ProBlogger newsletter list (as some are reporting) I sincerely apologise and hope we can get to the bottom of it.

PS: I’ve sat on this story for 18 hours hoping to get a response from Aweber but it seems that their support don’t work weekends (I’m actually a bit surprised that they don’t seem to have put any response on their blog or Twitter account as I’m now seeing more and more buzz about it in forums and on Twitter). I’ve since had another 10 or so angry complaints from readers and have seen the same thing happening for another list I have on a separate account which I use to promote the ProBlogger Book with Chris Garrett. That account is completely separate to my Aweber account and I don’t even have access to the password of it meaning that it’s not just my Aweber subscribers who are being hit.

Again – this could be a wider issue than just Aweber – perhaps some spammer is using some kind of system to target a whole lot of random email addresses – but it does seem that perhaps it’s somehow more centred around Aweber. Time will tell.

I don’t like to post this as I really love Aweber as a service (they’ve been brilliant since I switched to them) – but because readers seem to be unsubscribing and blaming me for it I wanted to make sure word was out that there may have been a problem.

I’d love to get comments from anyone who has similar experience with this in the last few days. Are your lists complaining of spam at the moment too? Hopefully in getting people’s experiences we’ll be able to help Aweber get to the bottom of what’s happening.

Update: Within half an hour of posting this Aweber got in touch. They’re not ready to make a public statement on this but are happy for me to pass on that they’re aware of it and are “doing extensive investigations into any possible issues.”

From what I can tell they’re collecting lots of data – perhaps if you have any specific data from those in your lists including header information of spam emails it could be worth emailing Aweber to let them know of your problem and any data that you have. I’d suspect that specific information would be helpful to them.

Update 2: Aweber have now made a statement about the compromise of data from their system. You can read my initial reactions to that here.
